Senior Engineer, Security Operations
Who we are:
SoFi is a digital personal finance company whose mission is to help its members achieve financial independence to realize their ambitions, whether that be to buy a house one day, start a family on their own terms or be debt free. We aim to be at the center of our members’ financial lives, and to help every member Get Their Money Right®. By joining SoFi, you’ll become part of a forward-thinking company that is transforming financial services by embracing technology to build innovative loan products, investment tools, and more. One of the fastest growing fintech companies, we’ve grown from 250 employees in 2015 to over 1,500 employees today, and are well on our way to reaching 1 million members. With offices across the US, we offer the excitement of a rapidly growing startup with the stability of a seasoned management team and some of the best talent around. As an employer, we strive to hire employees who are committed to both our company’s mission and our desire to build the best culture in the world. If you are driven, passionate about what you do, and excited about the SoFi mission, we would love to hear from you.
The Senior Security Operations Engineer operates and maintains the Security team’s portfolio of vulnerability management, Security Incident and Event Management (SIEM), automation, and authentication tools. Additional tasks include forensic recovery/support, event management, spam investigation, threat feed management, penetration tests findings mitigation, proactive defense, network sensor auditing, and security event management. This role will focus heavily on operational and strategic level tasks, and provide counsel and guidance to the junior level security operations engineers in the department. The Senior Operations Engineer also serves in an architectural capacity, providing the appropriate information and planning required for new technology and policy deployments.
The ideal candidate is hands-on, articulate and focused, and can own projects, features and functionality; enjoys learning and mentoring others. Our core tools are LogRhythm/Cloudflare/Digital Guardian/Nessus/Clair/Whitesource, but you don't have to be an expert in any of these; we're looking for a world-class operations engineer to help create a world class security operations environment.
What you’ll do:
- Take the lead in security operations, including management, enhancement, and implementation
- Proactively identify, troubleshoot, and mitigate vulnerabilities and provide metrics for reporting
- Participate in incident response, threat modeling, and threat hunting
- Help expand defense-in-depth security for the organization to protect critical IT assets and data from internal and external threats
- Assist in the development, execution, and enforcement of security processes, policies, and procedures
- Monitor computer networks for security issues.
- Investigate security breaches and other cyber security incidents.
- Document security breaches and assess the damage they cause.
- Monitor and track known vulnerabilities in our applications and infrastructure.
- Work with teams to fix the vulnerabilities in their respected areas
- Stay current on IT security trends and news.
- Work with the security team to develop company-wide best practices for security.
- Research security enhancements and make recommendations to management.
- Stay up-to-date on information technology trends and security standards.
What you’ll need:
- Bachelor's degree in computer science or a related field.
- 6+ years of experience in information security or related field.
- Understanding of DNS, firewalls, proxies, WAFs, SIEM, antivirus, and IDPS concepts.
- Ability to identify and mitigate vulnerabilities and explain how to avoid them.
- Experience in network administration and security
- Experience in Web Application security and OWASP Top 10 knowledge
- Experience in UNIX/Linux operating systems administration
- Experience with configuration management tooling such as Salt
- Understanding of database administration and security issues related to relational databases (MySQL or Postgres)
- Experience with AWS cloud security and best practices
Nice to have:
- Working knowledge of Python or other scripting language
- Working experience with Java (or another Object-Oriented Programming language)
- Familiarity with at-scale services
- Familiarity with Docker and kubernetes
- Familiarity with secure coding practices
- Familiarity with security standards such as PCI DSS, ISO 27001, etc.
- Experience working with identity and access control management solutions
- Familiarity with infrastructure best practices
- Experience working in a risk based security program
Why you’ll love working here:
- Competitive salary packages and bonuses
- Comprehensive medical, dental, vision and life insurance benefits
- Generous vacation and holidays
- Paid parental leave for eligible employees
- 401(k) and education on retirement planning
- Tuition reimbursement on approved programs
- Monthly contribution up to $200 to help you pay off your student loans
- Great health & well-being benefits including: telehealth parental support, subsidized gym program
- Employer paid lunch program (except for remote employees)
- Fully stocked kitchen (snacks and drinks)
SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.